Hi everyone - first post here. I tend to make long posts, so sorry in advance! Looks like a great community.

I'm an engineer with a growing interest in security-related computer topics. I'm not scared to read a ton, and I know that's required to learn anything in this field. I've also looked over awesome threads in your forum such as skills required for pen testers etc., which gives a nice high-level overview of the basics that are required. In other words, I have looked around a lot for this question I'm asking, so please do your best not to tell me to search; I promise I have.

After reading several books such as (sorry to list them all off)

"Backtrack 4, Assuring Security by Pen Testing"

"Grey Hat Hacking"

"Metasploit - The Pen Testers Guide"

"Google Hacking for Pen Testers"

"The Basics of Hacking and Penetration Testing"

"The Web Application Hackers Handbook"

"Backtrack 5 - Wireless Penetration Testing"

Currently Reading "TCP/IP Illustrated"

I feel as though I have a solid fundamental grasp of how different areas of security function, and, unfortunately for me, how wide this area is for learning. I really feel like I want to knuckle down and learn more topics in depth (i.e. like learning about TCP/IP from the current book I'm reading), but I don't know what areas in pen testing are important / more important than others, or if it's purely a preference thing. It seems you can go into forensics, network testing, wireless testing, web application testing, exploit writing etc.

Give your experiences - Do you feel there is a particular field that is most used, or perhaps a topic that is most prevalent throughout? What should a beginner learn first? I understand the "soft" areas of security are important, such as Linux / Windows / network protocols, but I'm curious if there is actually a security field that should be focused on?

If you had to recommend a certificate for someone starting out, what would you recommend?

I know it's hard to answer these questions, and sorry if there isn't a right answer, but any feedback you could give me on the topic would be greatly appreciated. If it does all come down to personal preference I can accept that, but at least I know I won't regret whatever I choose. I can also appreciate that it's hard to assign a right answer without knowing motivation and background, but for me it really comes down to really enjoying learning about security; it's fascinating how people can bypass / make things do unintended things and gain access to systems.

Thanks so much if you've read this far. I look forward to participating in the community.

As far as a learning 'order', I could answer that in so many ways. However, I'd suggest that your immediate desire to go deeper in TCP/IP is a wise choice. IMHO, if you don't have a good understanding of protocols, communication in general, etc., it doesn't generally allow you to be well-rounded. Knowledge of protocols and packet / traffic analysis is a solid and fundamental skill to have in your arsenal.

As for 'first' certifications, I'd lean towards eLearnSecurity's eCPPT, assuming you feel comfortable enough to dive in. That cert is nice because it lays many of the foundational blocks, and then progresses nicely, while also allowing you some hands-on practice. While I've never taken the exam for it, I've reviewed the courseware for both the older and current revision, and Armando and his team have done a great job with it.

As far as area of security that you pursue, it's a matter of preference. If you enjoy making things work in ways they shouldn't, pentesting is fun! If you aren't as comfortable 'modifying' things, yourself, but can analyze what others have done, then malware analysis and / or forensics may be more to your liking. Then there's more management positions / study tracks... Just depends on you.

Regardless, keep us informed on how you choose to progress, and good luck!

Last edited by hayabusa on Sat Jan 05, 2013 10:41 am, edited 1 time in total.

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

but I don't know what areas in pen testing are important / more important than others; or if it's purely a preference thing. It seems you can go into forensics, network testing, wireless testing, web application testing, exploit writing etc.

I'll break each out separately based on how much time I spend on each. Keep in mind though, this is a field where you should really try to learn everything you can. However, hopefully this helps you prioritize...

Forensics: 0%, we have a dedicated forensics guy, that is all he does. I think this is normal, but others can correct me if I'm wrong.

Network testing: TONS of TIME, a typical pen test in my company is some flavor of a network pen test, i.e. external, internal.

Application Testing: TONS of TIME, I spend equally as much time on web apps as I do on network PT. In fact, on almost EVERY network pen test, you'll run across web apps that may/may not help you with the objectives of the pen test. You need to know both network and web apps equally.

Wireless: SOME, these are usually "bundled" into internal pentests our company sells, but it's not the norm. Not nearly as much time is spent here. Wireless is pretty easy stuff though, it really doesn't take all that much time to get up to speed on the basics, as well as enterprise wireless stuff.

Exploit writing: (as a hobby, LOTS) (for work, much LESS) If a company has a true research group, you might be doing this all the time. Similarly, if you worked at a place like Metasploit, you would be writing sploits all the time. We have a lot of guys at my place that have never written an exploit; it's not a "critical" skill for basic pen testing.

In my opinion, I think you should start with network and web apps, study them equally, become a bad ass at both. The rest will come easy if you master those two.

Do you have any sort of home lab? It's going to be difficult to develop serious skills and retain knowledge simply by reading books. Get VMware Workstation or ESXi and a Technet subscription and create an AD environment with various Microsoft servers. Add in *nix servers, web apps, etc. as you desire.

Also, there are tons of great resources on blogs. Check out sites like Carnal 0wnage and Iron Geek. Recreate the setup and exploit the configuration. Always try to branch out and learn about something you're not already familiar with.

Hi everyone. Wow, what awesome responses, guess I'll be hanging around here for a while. Thanks for being so kind to the newbie.

Hayabusa - Thanks for your input. With regards to protocols I believe what you say about knowing the way things work in depth. I guess what I should start doing is learning how everything works at a deep level before I start worrying about how to break it in any significant way, as many security targeted books and courses will let me do. Without solid foundations any knowledge I gain will always have lots of holes that need fixing.

On that note, after TCP/IP - and then I'm assuming in-depth knowledge of Windows & Linux - would you recommend any particular area? If nothing comes to mind don't worry, I imagine I've just flippantly given three areas with a huge amount of information in them which will take me quite a while to get through and bring up tens of questions I will need to continue answering on my own.

With certifications I'll definitely check out eCPPT. I don't "need" certs in the sense that I'm happy in the field I am currently in, but I find I learn well with a structured framework, so I'll still look into it. Pen testing sounds the most fun, but who knows, with experience I may learn to enjoy something else! Thank you for your awesome response.

cd1zz - Thanks for breaking it down for me like that. It's just what I was after. It helps me see what areas are really useful and what are the 'core' foundations of pen testing. Don't get me wrong, I appreciate that ALL areas of knowledge are definitely useful, but as with everything, some are used more than others. I'll definitely be focusing on networking and web applications (TCP/IP study ftw!)

ajohnson - Just a range of VM machines I've set up myself. Windows XP, Metasploitable / Metasploitable v2, De-ICE Challenges, OWASP BWA - the basics. I'll check out what other labs people have set up and take that on board for what I can integrate myself. Thanks for your reply.

m0wgli - Thanks for the links, I'll definitely check them out!

Thanks again everyone, really appreciate the quality posts and it helps me a lot more with the directions I'll be taking (Networking / Web App focus, studying the knowledge in depth first before worrying about security concerns, then studying security aspects while testing out practical knowledge in a VM lab.)

You'll do well, if you deep dive into the basics, first, then progress into the more detailed parts of each, as you've noted. Each person learns differently, but in general, that's a very 'sound' approach, and one that many of us have taken.

Good luck, stay involved, and keep us in the loop, as you progress! (A lot of us like to help, as much as to learn for ourselves, so it's rewarding to see others progressing, too.)

~ hayabusa ~

Invidicous wrote: ajohnson - Just a range of VM machines I've set up myself. Windows XP, Metasploitable / Metasploitable v2, De-ICE Challenges, OWASP BWA - the basics. I'll check out what other labs people have set up and take that on board for what I can integrate myself. Thanks for your reply.

The advice in this thread is really good. I would also suggest at some point that you include some hardware in your lab, so you can understand how to exploit network protocols / network hardware... it's pretty fun showing a client you own their entire network.